Filtered by vendor Openclaw
Subscribe
Total
209 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-32011 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 7.5 HIGH |
| OpenClaw versions prior to 2026.3.2 contain a denial of service vulnerability in webhook handlers for BlueBubbles and Google Chat that parse request bodies before performing authentication and signature validation. Unauthenticated attackers can exploit this by sending slow or oversized request bodies to exhaust parser resources and degrade service availability. | |||||
| CVE-2026-32010 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 6.3 MEDIUM |
| OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist mode with ask=on-miss enabled. | |||||
| CVE-2026-32020 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 3.3 LOW |
| OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files outside the intended root. | |||||
| CVE-2026-32024 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 5.5 MEDIUM |
| OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local files accessible to the OpenClaw process. | |||||
| CVE-2026-32008 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 6.5 MEDIUM |
| OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed() function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the OpenClaw process user through browser snapshot and extraction actions to exfiltrate sensitive data. | |||||
| CVE-2026-32041 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 6.9 MEDIUM |
| OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including evaluate-capable actions without valid credentials. | |||||
| CVE-2026-32040 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 4.6 MEDIUM |
| OpenClaw versions prior to 2026.2.23 contain an html injection vulnerability in the HTML session exporter that allows attackers to execute arbitrary javascript by injecting malicious mimeType values in image content blocks. Attackers can craft session entries with specially crafted mimeType attributes that break out of the img src data-URL context to achieve cross-site scripting when exported HTML is opened. | |||||
| CVE-2026-32039 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 5.9 MEDIUM |
| OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the toolsBySender group policy matching that allows attackers to inherit elevated tool permissions through identifier collision attacks. Attackers can exploit untyped sender keys by forcing collisions with mutable identity values such as senderName or senderUsername to bypass sender-authorization policies and gain unauthorized access to privileged tools. | |||||
| CVE-2026-32038 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 9.8 CRITICAL |
| OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container:<id> values to reach services in target container namespaces and bypass network hardening controls. | |||||
| CVE-2026-32037 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 6.0 MEDIUM |
| OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence attachment URLs to force redirects to non-allowlisted targets, bypassing SSRF boundary controls. | |||||
| CVE-2026-32026 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 6.5 MEDIUM |
| OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandbox root. Attackers can exploit this by providing malicious media references to read and exfiltrate arbitrary files from the host temporary directory through attachment delivery mechanisms. | |||||
| CVE-2026-32036 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 6.5 MEDIUM |
| OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded traversal patterns to access protected plugin channel routes when handlers normalize the incoming path, circumventing security controls. | |||||
| CVE-2026-32025 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 7.5 HIGH |
| OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to bypass origin checks and auth throttling on loopback deployments. An attacker can trick a user into opening a malicious webpage and perform password brute-force attacks against the gateway to establish an authenticated operator session and invoke control-plane methods. | |||||
| CVE-2026-32042 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 8.8 HIGH |
| OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers with valid shared gateway authentication can present a self-signed unpaired device identity to request and obtain higher operator scopes before pairing approval is granted. | |||||
| CVE-2026-32044 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 5.5 MEDIUM |
| OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing local denial of service during skill installation. | |||||
| CVE-2026-32049 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 7.5 HIGH |
| OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability. | |||||
| CVE-2026-32050 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 3.7 LOW |
| OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit the reaction-only event path in event-handler.ts to queue signal reaction status lines for sessions without proper DM or group access validation. | |||||
| CVE-2026-32051 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 8.8 HIGH |
| OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perform control-plane actions beyond their intended authorization level by exploiting inconsistent owner-only gating during agent execution. | |||||
| CVE-2026-32052 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 6.4 MEDIUM |
| OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary commands through trailing positional arguments that bypass display context validation. | |||||
| CVE-2026-32055 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 7.6 HIGH |
| OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The vulnerability exists because the boundary check improperly resolves aliases, permitting the first write operation to escape the workspace boundary and create files in arbitrary locations. | |||||